rule Linux_Exploit_CVE_2010_3301_79d52efd {
    meta:
        author = "Elastic Security"
        id = "79d52efd-7955-4aa3-afbe-b7d172c30f34"
        fingerprint = "22235427bc621e07c16c365ddbf22a4e1c04d7a0f23c3e4c46d967d908256567"
        creation_date = "2021-04-06"
        last_modified = "2021-09-16"
        threat_name = "Linux.Exploit.CVE-2010-3301"
        reference_sample = "53a2163ad17a414d9db95f5287d9981c9410e7eaeea096610ba622eb763a6970"
        severity = 100
        arch_context = "x86"
        scan_context = "file, memory"
        license = "Elastic License v2"
        os = "linux"
    strings:
        $a = { E8 3B F9 FF FF 83 7D D4 FF 75 16 48 8D 3D 35 03 }
    condition:
        all of them
}

rule Linux_Exploit_CVE_2010_3301_d0eb0924 {
    meta:
        author = "Elastic Security"
        id = "d0eb0924-dae1-46f9-a4d0-c9e69f781a22"
        fingerprint = "bb288a990938aa21aba087a0400d6f4765a622f8ed36d1dd7953d09cbb09ff83"
        creation_date = "2021-04-06"
        last_modified = "2021-09-16"
        threat_name = "Linux.Exploit.CVE-2010-3301"
        reference_sample = "907995e90a80d3ace862f2ffdf13fd361762b5acc5397e14135d85ca6a61619b"
        severity = 100
        arch_context = "x86"
        scan_context = "file, memory"
        license = "Elastic License v2"
        os = "linux"
    strings:
        $a = { E8 3C FA FF FF 83 7D EC FF 75 19 BF 20 13 40 00 }
    condition:
        all of them
}

rule Linux_Exploit_CVE_2010_3301_a5828970 {
    meta:
        author = "Elastic Security"
        id = "a5828970-7a30-421c-be92-5659c18b88d1"
        fingerprint = "72223f502b2a129380ab011b785f6589986d2eb177580339755d12840617ce5f"
        creation_date = "2021-04-06"
        last_modified = "2021-09-16"
        threat_name = "Linux.Exploit.CVE-2010-3301"
        reference_sample = "4fc781f765a65b714ec27080f25c03f20e06830216506e06325240068ba62d83"
        severity = 100
        arch_context = "x86"
        scan_context = "file, memory"
        license = "Elastic License v2"
        os = "linux"
    strings:
        $a = { E8 7C FC FF FF 83 7D EC FF 75 19 BF 40 0E 40 00 }
    condition:
        all of them
}

